Import files - Pre-Request Scripts

You can add a pre-request script to perform actions before each request is sent out by the scanner. This is typically used to manipulate the content of the request itself before it is sent out, by adding, for example, custom HTTP headers.

As an example, you can create a file named PreRequestScript.js with the following content:

/// url:  /

/// script_type: prerequestscript

ax.log(ax.LogLevelInfo,"Pre Request Script Start");

var myhttp = scriptArg.http;

var myrequest = myhttp.request;

var mydate = (Date.now() / 1000).toString();

// add headers to the request before it is sent out

myrequest.setHeader('AcunetixPreRequestScriptEnabled', 'yes');

myrequest.setHeader('AcunetixPreRequestScriptTimeStamp', mydate);

ax.log(ax.LogLevelInfo,"Pre Request Script End");

For this example, each request sent out by the scanner function will now contain 2 additional headers:

Information logged by pre-request scripts via the ax.log() function are available in the debug logs. You can specify the log level by using one of the log level constants:

ax.log(ax.LogLevelDebug,   'message');

ax.log(ax.LogLevelInfo,    'message');

ax.log(ax.LogLevelWarning, 'message');

ax.log(ax.LogLevelError,   'message');

You can identify the location of the debug logs in the Events tab of the Scan page by expanding the Scan Job Completed event (the logs are in logfile.csv inside the zip file).

For this example, you would find something like the following:

🔍 Pre-Request Script Files - directives

Note that the pre-request script must contain 2 mandatory directives at the beginning of the file:

  • directive /// url: <path> specifies the URLs that the pre-request script will be applied to; in this example, the URL "/" means the root of the target and anything beneath the root
  • directive /// script_type: prerequestscript identifies the file as a pre-request script; without this directive, the file will not be considered a pre-request script

 

« Back to the Acunetix Support Page